2.3 Timed Automata and Real-Time Statecharts

Slides:

Advertisements

Ähnliche Präsentationen

Finding the Pattern You Need: The Design Pattern Intent Ontology

Advertisements

DNS-Resolver-Mechanismus

R. Zankl – Ch. Oelschlegel – M. Schüler – M. Karg – H. Obermayer R. Gottanka – F. Rösch – P. Keidler – A. Spangler th Expert Meeting Business.

The difference between kein and nicht.

Multi electron atoms Atoms with Z>1 contain >1 electron. This changes the atomic structure considerably because in addition to the electron-nucleus interaction,

Fakultät für informatik informatik 12 technische universität dortmund Optimizations Peter Marwedel TU Dortmund Informatik 12 Germany 2009/01/17 Graphics:

Fakultät für informatik informatik 12 technische universität dortmund Specifications Peter Marwedel TU Dortmund, Informatik 12 Graphics: © Alexandra Nolte,

Peter Marwedel TU Dortmund, Informatik 12

Subjects and Direct Objects When to use der vs. den.

Wechselpräpositionen

Telling Time in German Deutsch 1 Part 1 Time in German There are two ways to tell time in German. There are two ways to tell time in German. Standard.

NUMEX – Numerical experiments for the GME Fachhochschule Bonn-Rhein-Sieg Wolfgang Joppich PFTOOL - Precipitation forecast toolbox Semi-Lagrangian Mass-Integrating.

Wozu die Autokorrelationsfunktion?

Institut für Verkehrsführung und Fahrzeugsteuerung > Technologien aus Luft- und Raumfahrt für Straße und Schiene Automatic Maneuver Recognition in the.

Institut für Verkehrsführung und Fahrzeugsteuerung > Technologien aus Luft- und Raumfahrt für Straße und Schiene Driving Manoeuvre Recognition > 19. Januar.

Lancing: What is the future? Lutz Heinemann Profil Institute for Clinical Research, San Diego, US Profil Institut für Stoffwechselforschung, Neuss Science.

Deutsche Gesellschaft für Technische Zusammenarbeit GmbH Integrated Experts as interface between technical cooperation and the private sector – An Example.

Methods Fuzzy- Logic enables the modeling of rule based knowledge by the use of fuzzy criteria instead of exact measurement values or threshold values.

Comparative Adjectives. The term comparison of adjectives is used when two or more persons or things have the same quality (height, size, color, any characteristic)

Die Hausaufgaben: Machen Sie Ü. 7 auf S. 29

Institut für Umweltphysik/Fernerkundung Physik/Elektrotechnik Fachbereich 1 Pointing Meeting Nov 2006 S. Noël IFE/IUP Elevation and Azimuth Jumps during.

Adjektive Endungen von Frau Templeton.

Laurie Clarcq The purpose of language, used in communication, is to create a picture in the mind and/or the heart of another.

Introduction to Articles

Die Zeit (TIME) Germans are on military time which is 1-24

Sabine Dennerlein Nice to meet you! Enjoy 60 seconds of your precious time for yourself! Cornelia Renate Gottwald Your personal holistic health coach.

Institut AIFB, Universität Karlsruhe (TH) Forschungsuniversität gegründet 1825 Towards Automatic Composition of Processes based on Semantic.

Sanjay Patil Standards Architect – SAP AG April 2008

| DC-IAP/SVC3 | © Bosch Rexroth Pneumatics GmbH This document, as well as the data, specifications and other information set forth in.

BAS5SE | Fachhochschule Hagenberg | Daniel Khan | S SPR5 MVC Plugin Development SPR6P.

Ich möchte ein Eisberg sein. Last time … 3 icebergs Triangels Unique connections Ich möchte ein Eisberg sein

The free XML Editor for Windows COOKTOP Semistrukturierte Daten 1 Vortrag Semistrukturierte Daten 1 COOKTOP The free XML-Editor for Windows

Alp-Water-Scarce Water Management Strategies against Water Scarcity in the Alps 4 th General Meeting Cambery, 21 st September 2010 Water Scarcity Warning.

Wortschatz angenehm comfortable anstrengend tiring ausgezeichnet outstanding bequem comfortable berühmt famous besser better blöd stupid einfach easy fantastisch.

Neno Loje Berater & MVP für Visual Studio ALM und TFS (ehemals VSTS) Hochqualitative Produkte mit Visual Studio & TFS 2010.

Quelle: Standish Group, 2006 Fourth Quarter Research Report, CHAOS Research Results.

3/28/2017 8:11 PM Visual Studio Tools für Office { Rapid Application Development für Office } Jens Häupel Platform Strategy Manager Microsoft Deutschland.

You need to use your mouse to see this presentation © Heidi Behrens.

Department of Computer Science Homepage HTML Preprocessor Perl Database Revision Control System © 1998, Leonhard Jaschke, Institut für Wissenschaftliches.

Wortschatz der Schulhof the playground die Aula the hall

INTAKT- Interkulturelle Berufsfelderkundungen als ausbildungsbezogene Lerneinheiten in berufsqualifizierenden Auslandspraktika DE/10/LLP-LdV/TOI/

Reflexive Verben

Verben Wiederholung Deutsch III Notizen.

Kölner Karneval By Logan Mack

Impairments in Polarization-Multiplexed DWDM Channels due to Cross- Polarization Modulation Marcus Winter Christian-Alexander Bunge Klaus Petermann Hochfrequenztechnik-Photonik.

Einführung Bild und Erkenntnis Einige Probleme Fazit Eberhard Karls Universität Tübingen Philosophische Fakultät Institut für Medienwissenschaft Epistemic.

Berner Fachhochschule Hochschule für Agrar-, Forst- und Lebensmittelwissenschaften HAFL Recent activities on ammonia emissions: Emission inventory Rindvieh.

4th Symposium on Lidar Atmospheric Applications

Ein Projekt des Technischen Jugendfreizeit- und Bildungsvereins (tjfbv) e.V. kommunizieren.de Blended Learning for people with disabilities.

Design Patterns Ein Muster (pattern) ist eine Idee, die sich in einem praktischen Kontext als nützlich erwiesen hat und dies auch in anderen sein wird.

Talking about yourself

Relativpronomen / Relativsätze:

By: Jade Bowerman. German numbers are quite a bit like our own. You start with one through ten and then you add 20, 30, 40 or 50 to them. For time you.

By Martin L. Loeffler. The future tense is created in two ways. You introduce a time reference in the future. Anything that implies a future time. Morgen,

Negation is when you dont have or dont do something.

3rd Review, Vienna, 16th of April 1999 SIT-MOON ESPRIT Project Nr Siemens AG Österreich Robotiker Technische Universität Wien Politecnico di Milano.

Adjectiv Endungen Lite: Adjective following articles and pre-ceeding nouns. Colors and Clothes.

Relativpronomen / Relativsätze:

HRM A – G. Grote ETHZ, WS 06/07 HRM A: Work process design Overview.

Greetings and goodbyes Deutschland v. USA

KIT – die Kooperation von Forschungszentrum Karlsruhe GmbH und Universität Karlsruhe (TH) Vorlesung Knowledge Discovery - Institut AIFB Tempus fugit Towards.

DEUTSCHE VERBEN I. REGULAR VERBS.

Separable Verbs Turn to page R22 in your German One Book R22 is in the back of the book There are examples at the top of the page.

1 Intern | ST-IN/PRM-EU | | © Robert Bosch GmbH Alle Rechte vorbehalten, auch bzgl. jeder Verfügung, Verwertung, Reproduktion, Bearbeitung,

Plusquamperfekt The past of the past.

1 Stevens Direct Scaling Methods and the Uniqueness Problem: Empirical Evaluation of an Axiom fundamental to Interval Scale Level.

THE PERFECT TENSE IN GERMAN

Adjective Endings Nominative & Accusative Cases describing auf deutsch The information contained in this document may not be duplicated or distributed.

Technische Universität München 1 CADUI' June FUNDP Namur G B I The FUSE-System: an Integrated User Interface Design Environment Frank Lonczewski.

TUM in CrossGrid Role and Contribution Fakultät für Informatik der Technischen Universität München Informatik X: Rechnertechnik und Rechnerorganisation.

Präsentation transkript:

2.3 Timed Automata and Real-Time Statecharts

Prize: 100 € Amazon voucher Task: Coding Contest Prize: 100 € Amazon voucher Task: Implement a BUZZER app Server-client application Android (4.0+) front-end Java back-end Submit your complete source code until Dec. 23, 2012 to matthias.becker@upb.de My footnote text - My Name Timed Automata und Realtime Statecharts 29.11.2012

Summary State Machines Different Semantics possible Trade-off: Flexibility (for the developer) vs. clarity (compactness) Precise specification necessary to guarantee unambiguouity (many developers are involved) to enable formal analysis (to prove that requirements are fulfilled) Timed Automata und Realtime Statecharts 29.11.2012

Timed Automata

Timed Automata Based on State Machines Finite state machine with clocks Clocks handle time which is continuous Clock values can be tested or reset Timed Automata und Realtime Statecharts 29.11.2012

A Hot Topic Ein digitales Detail stellt die Deutsche Bahn und den Siemens-Konzern vor große Probleme: Das Kommando zum Anhalten eines ICE-3-Zugs irrt etwa eine Sekunde lang durch den Rechner, bis es ausgeführt wird. Nach SPIEGEL-Informationen verweigerte das Eisenbahn-Bundesamt deshalb die Zulassung. Die acht neuen ICE vom Typ Velaro sind schon lange bestellt, doch Siemens darf nicht liefern - wegen Problemen an der Steuerungssoftware. Nach Informationen des SPIEGEL traten bei Testfahrten des ICE 3 mit den bei der Deutschen Bahn üblichen Doppelzügen schwerwiegende Kommunikationsprobleme in der Software auf. Wird der Befehl zur Aktivierung der Bremsen ausgelöst, erlaubt sich die Steuerung eine Art Gedenksekunde, ehe sie das Kommando umsetzt. Bei einer Geschwindigkeit von 250 Stundenkilometern kommt der Zug nach einer Vollbremsung deshalb erst rund 70 Meter später zum Stehen als die alten ICE. Trotzdem strebte Siemens die Zulassung des ICE 3 an.“ (SPON 24.11.12) Timed Automata und Realtime Statecharts 29.11.2012

Timed Automata Finite state machine with real-valued clocks Locations Clocks handle time which is continuous Clock values can be tested or reset Locations Represent states Transitions Messages Guards Actions Timed Automata und Realtime Statecharts 29.11.2012

A simple alarm clock Goal: Problem: Model an alarm clock that rings after a specified time. When the snooze button is pressed the alarm is postponed for 5 minutes. The alarm shall not sound more than 10 minutes. Problem: UML allows only rather informal specification of time in State Machines. Timed Automata und Realtime Statecharts 29.11.2012

A simple alarm clock Solution: Add a clock “clock1” Clock runs in back-ground during execution Clock conditions can serve as guards Clock can be reset (or set to any other time) Timed Automata und Realtime Statecharts 29.11.2012

A simple alarm clock Invariants ensure that the state is active at most the given amount of time Requirement: “The alarm shall not sound more than 10 minutes.” Timed Automata und Realtime Statecharts 29.11.2012

Timed Automata Locations Transitions Clocks Represent states Guards Tells when the transition is enabled Actions Clocks Test them in guards Reset them in actions Invariants on states Timed Automata und Realtime Statecharts 29.11.2012

Networked Timed Automata Channels are used to synchronize TA Both automata take respective transition simultaneously Channels are bidirectional Can have an assigned priority Original definition Only 1:1 synchronization Later versions: 1:n synchronization (one ! and many ?) Acts as a guard Transition cannot be taken unless both processes are in the state that enables synchronization NETWORKED Synchronisation pair is chosen non-deterministically if several combinations are enabled and no broadcast defined Timed Automata und Realtime Statecharts 29.11.2012

Networked Timed Automata Locations Represent states Transitions Guards Tells when the transition is enabled Action Clocks Test them in guards Reset them in actions Invariants on states Local and global Channels Way of synchronizing processes Timed Automata und Realtime Statecharts 29.11.2012

Timed Automata Definition A Timed Automaton is a 9-Tupel (L, L0, Ch, A, C, G, Gc, I, E) L : finite, non-empty set of locations (states) L0 L : initial location Ch: finite set of channels used for synchronization A : set of actions (including synchronizations) C : finite set of clocks G : finite set of guards on the variables and clocks Gc G: finite set of propositions depending only on the clocks from C (time constraints) I : L → Gc assigns a time invariant to a location E: finite set of edges between locations, A Time Constraint on the set of clocks C is defined as φ(C) := c < x | c ≤ x | c = x | c > x | c ≥ x | φ1  φ2 where c is a clock from C and is constant. propositions = Aussagen phi Timed Automata und Realtime Statecharts 29.11.2012

Tool Support for Networked Timed Automaton: UPPAAL Uppaal is an integrated tool environment for modeling, simulation and verification of real-time systems. Key features of Uppaal v.4 A graphical system editor allowing graphical descriptions of systems. A graphical simulator which provides graphical visualization. A requirement specification editor. A model-checker for automatic verification. Generation of diagnostic trace UPPAAL is free for academic use only. Uppsala University, Sweden and Aalborg University, Denmark Quelle: http://www.uppaal.com/ Timed Automata und Realtime Statecharts 29.11.2012

Example: Scientists crossing a bridge Scenario: Dijkstra, Turing, Knuth, and Petri are on the return of a conference when their car breaks down in the dark. They cannot stay in the car because there are wild and dangerous animals in the woods. Across a moldered bridge is a house in which they can stay for the night. Timed Automata und Realtime Statecharts 29.11.2012

Example: Scientists crossing a bridge Requirements The bridge can carry at most two people at the same time They have only one flashlight which only lasts one hour and cannot be thrown. The bridge can only be crossed with the flashlight otherwise it’s too dark. The speed of a pair is determined by the speed of the slower person. The times each scientist needs to cross the bridge are: 5 min, 10 min, 20 min, and 25 min. How do they manage to cross the river within an hour? Timed Automata und Realtime Statecharts 29.11.2012

Global Declarations and Templates Urgent location: Time is not allowed to pass in this state. So one of the outgoing transitions is taken “immediately”, though interlea-ving with other processes is allowed. automaton template for scientists automaton template for the flashlight Legend: guards (green) location name (red) update (purple) sync (cyan) Timed Automata und Realtime Statecharts 29.11.2012

System declarations Timed Automata und Realtime Statecharts 29.11.2012

System simulation Timed Automata und Realtime Statecharts 29.11.2012

System simulation Timed Automata und Realtime Statecharts 29.11.2012

Specifying requirements Two different kinds of requirements: Safety: “something bad will not happen” Liveness: “something good will happen” where P ::= (Atomic Propositions) Proc.I oc | (Process Proc at Location Ioc) c = n | c < n | c <= n | (Clock comparison) P and P | P or P | P -> P | (Boolean combinations) not P | P imply P In einer kommenden Vorlesung wird darauf genauer eingegangen. Timed Automata und Realtime Statecharts 29.11.2012

System verification Verify that the system has no deadlock A[] not deadlock  Property is satisfied. Verify that it is possible for every scientist to reach the safe side within 60 minutes: E<> Knuth.safe and Petri.safe and Dijkstra.safe and Turing.safe and time <= 60  Property is satisfied.  Scheduling problem reformulated as reachability property Timed Automata und Realtime Statecharts 29.11.2012

System verification Verify that the system has no deadlock A[] not deadlock  Property is satisfied. Verify that it is possible for every scientist to reach the safe side within 60 minutes: E<> Knuth.safe and Petri.safe and Dijkstra.safe and Turing.safe and time <= 60  Property is satisfied.  Scheduling problem reformulated as reachability property Hint: Activate fastest diagnostic trace to see fastest solution trace in Simulator Timed Automata und Realtime Statecharts 29.11.2012

Real-Time Statecharts

Example: Convoys in RailCab System Motivation RailCabs build convoys to save energy ( slipstream) Safety critical, because only small space between RailCabs => Software has to be correct i.e. “It can never happen that FrontRole is in state convoy and RearRole is in state noConvoy.” Idea: Specify complex communication between roles independently from other system behavior  Validation possible ConvoyCoordination Slipstream = Windschatten Role: front Role: rear RailCab RailCab Fahrtrichtung Timed Automata und Realtime Statecharts 29.11.2012

Coordination Patterns & Realtime Statecharts Coordination Pattern specifies communication of roles Each role specified by a Real-Time Statechart ConvoyCoordination front rear Timed Automata und Realtime Statecharts 29.11.2012

Real-Time Statecharts Combine UML Statemachines by concepts of Timed Automata to add timing constraints: periods, deadlines, (worst case) execution times Clocks: assigned to a Statechart apply for all states of the Statechart apply recursively within hierarchically Statecharts cf: clock name Clock guard Clock-Reset state invariant [Hei09] Feuern von Transitionen kostet im Allgemeinen Zeit  Einsatz von Deadline-Intervallen deadline Timed Automata und Realtime Statecharts 29.11.2012

Mapping RTSCs to Timed Automata Real-Time Statecharts enable hierarchy Timed Automata do not support hierarchy  Real-Time Statecharts have to be flattened to verify them with Uppaal Timed Automata und Realtime Statecharts 29.11.2012

Mapping RTSCs to Timed Automata Timed Automata assume execution of transitions in zero time But: Transitions can have side effects like function calls These are not executable in zero time Therefore, deadlines and WCETs are introduced in RTSCs Can be mapped to Timed Automata (time is consumed within states) Timed Automata und Realtime Statecharts 29.11.2012

Mapping RTSCs to Timed Automata RTSC of FrontRole Timed Automata of FrontRole Hier wird nur Kommunikation verifiziert werden. /convoyProposal wird asychron versendet convoyProposal? wird synchron durchgeführt Wie kann man asynchrone Komm. auf synchrone abbilden? A: Nachricht auf Kanal legen, Nachricht im Kanal speichern, Nachricht an Empfänger übermitteln Timed Automata und Realtime Statecharts 29.11.2012

Mapping RTSCs to Timed Automata RTSC of RearRole Timed Automata of RearRole Timed Automata und Realtime Statecharts 29.11.2012

Verification Input: Timed Automata for FrontRole and RearRole of RailCab Possible Verifications: No Deadlocks: A[ ] not deadlock  Property is satisfied. It can never happen that FrontRole is in state convoy and RearRole is in state noConvoy: A[] not (FrontRole.convoy and RearRole.noConvoy)  Property is satisfied. Timed Automata und Realtime Statecharts 29.11.2012

Conclusion Timed Automata Real-Time Statecharts Finite state machine with continuous clocks and channels for synchronization Automatic verification of requirements via model checking possible Real-Time Statecharts Combination of UML Statecharts and Timed Automata Can be transformed to Timed Automata Coordination Patterns describe complex communications between roles Role behavior is defined by Real-Time Statecharts Timed Automata und Realtime Statecharts 29.11.2012